<html>
<head><meta charset="utf-8"><title>least authority crates · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html">least authority crates</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="148901120"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/148901120" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#148901120">(Dec 01 2018 at 00:49)</a>:</h4>
<p>I posted a writeup of an "unsafe features" idea I've been thinking about: <a href="https://internals.rust-lang.org/t/crate-capability-lists/8933/2?u=bascule" target="_blank" title="https://internals.rust-lang.org/t/crate-capability-lists/8933/2?u=bascule">https://internals.rust-lang.org/t/crate-capability-lists/8933/2?u=bascule</a></p>



<a name="148901137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/148901137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#148901137">(Dec 01 2018 at 00:49)</a>:</h4>
<p>it's a sort of halfway point between going full ocap and letting any given crate take over your computer, server, business, etc</p>



<a name="150736838"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150736838" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150736838">(Dec 02 2018 at 21:13)</a>:</h4>
<p><span class="user-mention" data-user-id="132721">@Tony Arcieri</span> What is the problem that you're trying to solve? Avoiding intentionally malicious code, or avoiding accidentally dangerous code?</p>



<a name="150736886"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150736886" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150736886">(Dec 02 2018 at 21:14)</a>:</h4>
<p>If it is intentional malicious code, there are lots of ways to subvert the <code>unsafe</code> mechanism including sometimes simply defining a <code>#[no_mangle]</code> function named <code>main()</code> or similar</p>



<a name="150738884"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150738884" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150738884">(Dec 02 2018 at 22:20)</a>:</h4>
<p>the former, although as something weaker than "redesign Rust to be an ocap language", which is what some people are pushing</p>



<a name="150738892"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150738892" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150738892">(Dec 02 2018 at 22:21)</a>:</h4>
<p>and yeah, scroll down in that thread, I mention <code>#[no_mangle]</code></p>



<a name="150738894"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150738894" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150738894">(Dec 02 2018 at 22:21)</a>:</h4>
<p>and suggested it would need to be <code>#[cfg_attr(unsafe_feature = "x", no_mangle)]</code></p>



<a name="150738941"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150738941" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150738941">(Dec 02 2018 at 22:22)</a>:</h4>
<p>anyway, it's not that I don't want to see ocap features in Rust, it's that they <em>can't</em> work so long as <code>unsafe</code> is available</p>



<a name="150802205"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/least%20authority%20crates/near/150802205" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/least.20authority.20crates.html#150802205">(Dec 03 2018 at 21:33)</a>:</h4>
<p>heh <a href="https://medium.com/agoric/pola-would-have-prevented-the-event-stream-incident-45653ecbda99" target="_blank" title="https://medium.com/agoric/pola-would-have-prevented-the-event-stream-incident-45653ecbda99">https://medium.com/agoric/pola-would-have-prevented-the-event-stream-incident-45653ecbda99</a></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>